Accelerating innovation at AWS Security

At re:Invent or attending remotely? Check out my “Ultimate Guide to AWS re:Invent 2022” post for some tips and tricks to get the most out of the show.

The security leadership session at AWS re:Invent 2022 was called, “What we can learn from customers: Accelerating innovation at AWS Security”. CJ Moses, CISO of AWS, used this session to explain what AWS is doing to help everyone with security, to highlight some key releases in 2022, and to outline what we can expect in 2023 when it comes to security.

CJ definitely put his own stamp on the leadership sessions. More in this Twitter thread 👇.

Twitter Thread 🧵

Tweet 1/57

the @awscloud #security leadership session featuring @mosescj58 is starting now…

What we can learn from customers: Accelerating innovation at AWS Security


Tweet 2/57

@mosescj58 up now, rocking some killer kicks 👟


Tweet 3/57

@mosescj58 celebrating 15 years with @awscloud 🥳🥳🥳

congrats CJ!


Tweet 4/57

“Every day I get to learn about the problems we can solve for customers, and how we can do that”, @mosescj58


Tweet 5/57

@mosescj58 drawing the parallels between his sport—racing—and #security
  • both driven by data
  • safety is a key factor for success


Tweet 6/57

good Bezos quote, “Customers are always wonderfully, beautifully unsatisfied.”


Tweet 7/57

more than 90% of all the things @awscloud creates is directly from customers…the other 10% was built on behalf of those customers 😉


Tweet 8/57

@mosescj58 sharing some of his previous roles in law enforcement and the parallels in his role with @AWSSecurityInfo today

both looking for one tiny indicator amid a torrent of data


Tweet 9/57

@awscloud has the scale to enable security

pre-AWS @mosescj58 was working with @jeffbarr back in 2007. those conversations kicked off a ton of security work

…which brought CJ to AWS


Tweet 10/57

1st challenge: isolate workloads in a data center

…wow, think about that vs. what we heard in Peter DeSantis’ keynote on Monday about @awscloud Lambda function isolation


Tweet 11/57

@mosescj58 reminiscing about the scrappy startup days of @AWSSecurityInfo

bean bag chairs => hand me down cube from AOL (!) in a dingy corner…working together as a small team cracking on a deeply interesting & challenging problem


Tweet 12/57

experiments lead to virtualizing the network layer. that was what provided the isolation needed


Tweet 13/57

that 👆 was the start of @awscloud VPC


Tweet 14/57

“We’ve grown a tiny bit”, @mosescj58 aims for understatement of the show


Tweet 15/57

btw, the main “home” for @AWSSecurityInfo is

…though there’s a ton of info everywhere in the service docs/whitepapers/etc.


Tweet 16/57

events seen on the @awscloud global network….

…that’s a lot of zeros


Tweet 17/57

that’s a new visual for the shared responsibility model. I think that’s much clearer than the older one w/way too many layers shown


Tweet 18/57

great reference on the shared responsibility model:


Tweet 19/57

“If you have access or control, you have responsibility”, @mosescj58 << great summary and ‘cheatsheet’ for the @awscloud shared responsibility model


Tweet 20/57

getting a bit of a peek behind the @AWSSecurityInfo curtain here from @mosescj58


Tweet 21/57

more on @awscloud Shield at



Tweet 22/57

@AWSSecurityInfo saw more than 224M malware samples in six months!


Tweet 23/57

all of the data that @AWSSecurityInfo gathers from their perspective informs new @awscloud services and features

that’s why we’re seeing so many new feature advances in things like Amazon Macie and Amazon GuardDuty


Tweet 24/57

more on @awscloud Macie at

…Amazon GuardDuty at


Tweet 25/57

exposed credentials are a continuing challenge. IAM helps reduce the blast radius (good ol’ principle of least privilege) and @awscloud Security Hub helps shine a light on those issues


Tweet 26/57

@mosescj58 calls out—again, and will do again & again—how valuable MFA or multi-factor authentication is

more details at

remember if you’re onsite, you can pick up a hardware MFA key…and you can always use an MFA app


Tweet 27/57

details on getting an MFA key onsite 👇


Tweet 28/57

get an MFA key online (with some restrictions) at


Tweet 29/57

@mosescj58 moving into six 🔑 learnings for @AWSSecurityInfo:
  1. educate everyone about #security
  2. build a security-first culture
  3. hire & develop the best


Tweet 30/57

...continuing the six 🔑 learnings...
  4. shift left & automate
  5. invest in a dynamic workforce
  6. make security the department of “yes, and…”


Tweet 31/57

btw, @mosescj58’s voice is toast 🍞, but he’s powering through like a champ

hang in there CJ!


Tweet 32/57

moving on to predictions for 2023 now...


Tweet 33/57

increasing threats continue to drive the shift to the cloud

…this is a data problem. @awscloud Security Lake is designed to help remove barriers in analyzing that data and drawing insights from it


Tweet 34/57

more on @awscloud Security Lake in this blog post by @channyun…but you already knew that 😉


Tweet 35/57

next prediction: we need more #security professionals. broaden your search net. we need more diversity and neurodiversity in our community

more perspectives only make things better


Tweet 36/57

next prediction: automate everything

why? there’s just too much data that needs protecting…and too much security data that needs to be processed. the only way is automation


Tweet 37/57

the new automated data discovery from Amazon Macie aims to help with this

session SEC209, “Continuous innovation in AWS threat detection & monitoring services” covers this in more depth (on the @AWSEvents YouTube channel soon)


Tweet 38/57

the blog post on Macie is up at


Tweet 39/57

another feature that helps here is external key store (XKS) for @awscloud KMS (key management system)

blog post on that is available at


Tweet 40/57



Tweet 41/57

more on @awscloud KMS at


Tweet 42/57

Tweet 43/57

another @AWSSecurityInfo IAM feature: multiple MFA devices for root users and IAM users

blog at


Tweet 44/57

btw, Verified Permissions is part of the broader “provable security” initiative from @AWSSecurityInfo

tons of great features/services have come from this push

program page is up at


Tweet 45/57

@mosescj58 diving into some post-quantum cryptography details. lots of work going on here in the community

blog post:


Tweet 46/57

@mosescj58 takes a quick pause as we get a video to intro @united


Tweet 47/57

now to a fireside chat between @mosescj58 and @deneendefiore, CISO @united


Tweet 48/57

@deneendefiore is speaking to the resiliency challenges with technology. every traveller interaction @united crosses a lot of different systems, #security and resiliency are critical at each stage


Tweet 49/57

on automation, @deneendefiore talks about leveraging @AWSSecurityInfo services and automating their own systems to ensure that builders @united are starting from strong, secure-by-default positions


Tweet 50/57

@deneendefiore @AWSSecurityInfo @united on culture: @deneendefiore points out that aviation is already a safety aware culture. it’s an “easy” bridge to #security …when compared to other verticals

that common understanding makes collaboration a lot easier

if you don’t have it, you can build that culture


Tweet 51/57

another great call out that everyone can use: find the cultural points in your organization that are already there. use those as #security entry points

@deneendefiore & @united use regular safety briefings that are already in place



Tweet 52/57

@deneendefiore @united @mosescj58 calls out @awscloud's approach with #security learning/education

check out and use their solution at


Tweet 53/57

@deneendefiore @united @mosescj58 @awscloud @deneendefiore's focus for 2023:
  • be brilliant at the basics
  • advance capabilities as your environment changes (tech/biz/regulatory/etc.)
  • enable the business!


Tweet 54/57

@deneendefiore @united @mosescj58 @awscloud on to the challenges around recruiting, developing, and maintaining #security talent...


Tweet 55/57

@deneendefiore is a great example of a lot of #security career paths...from anywhere. there's no one path to get into security

if you’re hiring, understand that. yes, it’s more work, but so, so worth it


Tweet 56/57

@deneendefiore key point from @mosescj58: you can hire a diverse set of ppl, but if you don't have a culture of inclusion...they aren't going to stay or succeed!


Tweet 57/57

@deneendefiore @mosescj58 ...and that's a wrap from the #security leadership session by @mosescj58 at #reinvent 2022!

hopefully, he’s now off to get some tea 🍡 for his voice
